From 169d8bed767b074a72b32c28072e5b79edd3e79a Mon Sep 17 00:00:00 2001
From: Maximilian Moser <maximilian.moser@tuwien.ac.at>
Date: Tue, 17 Sep 2024 22:47:24 +0200
Subject: [PATCH] WIP: start implementing tests for permissions

---
 tests/test_permissions.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 tests/test_permissions.py

diff --git a/tests/test_permissions.py b/tests/test_permissions.py
new file mode 100644
index 0000000..e8c9e25
--- /dev/null
+++ b/tests/test_permissions.py
@@ -0,0 +1,20 @@
+from invenio_config_tuw.permissions.policies import TUWRecordPermissionPolicy
+from invenio_access.permissions import system_identity as system
+
+
+def can(identity, action, **kwargs):
+    """Check if the identity has permission to perform the action."""
+    return TUWRecordPermissionPolicy(action, **kwargs).allows(identity)
+
+
+def test_reading_deleted():
+    assert can(system, "read_deleted")
+    # TODO any user, authenticated, trusted-user, ...
+
+
+def test_record_creation():
+    assert can(system, "create")
+    # TODO more
+
+
+# TODO more interesting cases: who can read drafts, etc.
-- 
GitLab